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REMARKS 

In the non-final Office Action, the Examiner rejects claims 1, 4, 5, 8-10, 12-14, 
16, 19, and 20 under 35 U.S.C. § 102(a) and/or 102(e) as anticipated by SCHNEIER et al. 
(U.S. Patent Application Publication No. 2002/0087882); rejects claims 6, 15, and 21 
under 35 U.S.C. § 103(a) as unpatenable over SCHNEIER et al; and rejects claims 7 and 
22 under 35 U.S.C. § 103(a) as unpatentable over SCHNEIER et al. in view of BATES et 
al. (U.S. Patent No. 6,785,732). Applicants respectfully traverse these rejections. 1 
Claims 1, 4-10, 12-16, and 19-22 are pending. 

Claims 1, 4, 5, 8-10, 12-14, 16, 19, and 20 stand rejected under 35 U.S.C. § 
102(a) and/or 102(e) as allegedly anticipated by SCHNEIER et al. Applicants traverse 
this rejection. 

Independent claim 1 recites a device that includes at least one interface configured 
to receive data transmitted via a network; a firewall configured to: receive data from the 
at least one interface, determine whether the data potentially contains malicious content, 
and identify first data in the received data that potentially contains malicious content; 
intrusion detection logic configured to: receive the first data, and generate report 
information based on the first data; and forwarding logic configured to: receive the report 
information, forward the first data for processing by a user application when the report 
information indicates that the first data does not contain malicious content; and forward 
the report information to a remote central management system when the report 

1 As Applicants' remarks with respect to the Examiner's rejections are sufficient to overcome these 
rejections, Applicants' silence as to assertions by the Examiner in the Office Action or certain requirements 
that may be applicable to such rejections (e.g., whether a reference constitutes prior art, motivation to 
combine reference, assertions as to dependent claims, etc.) is not a concession by Applicants that such 
assertions are accurate or such requirements have been met, and Applicants reserve the right to analyze and 
dispute such assertions/requirements in the future. 
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information indicates that the first data potentially contains malicious content, the report 
information allowing the remote central management system to make a forwarding 
decision on behalf of the device. SCHNEIER et al. does not disclose or suggest this 
combination of features. 

For example, SCHNEIER et al. does not disclose or suggest forwarding logic 
configured to receive report information and forward first data for processing by a user 
application when the report information indicates that the first data does not contain 
malicious content. The Examiner relies on paragraph 0064 of SCHNEIER et al. as 
allegedly disclosing this feature (Office Action, pg. 3). Applicants respectfully disagree 
with the Examiner's interpretation of SCHNEIER et al. 

At paragraph 0064, SCHNEIER et al. discloses: 

FIG. 2 is a system overview of an exemplary embodiment of a probe/sentry system. One 
or more such systems can be installed at each customer site to monitor the customer's 
network and network components. (A database of all network components monitored by 
such probe/sentry systems may be stored by SOCRATES 6000 in a database similar to 
that suggested in TABLE 7 of Appendix C.) Data collected by sensors 1010, 1020, 1030 
and 1040 (note that four sensors are shown solely by way of example and are not meant 
to limit the scope of the invention) are collated by sensor data collator 2010. Once 
collated, the data is first filtered by negative filtering subsystem 2020, which discards 
uninteresting information, and then by positive filtering subsystem 2030, which selects 
possibly interesting information and forwards it to communications and resource 
coordinator 2060. Data neither discarded by negative filtering subsystem 2020 nor 
selected out as interesting by positive filtering subsystem 2030 form the "residue," which 
is sent to anomaly engine 2050 for further analysis. Anomaly engine 2050 determines 
what residue information may be worthy of additional analysis and sends such 
information to communications and resource coordinator 2060 for forwarding to the 
SOC. Negative filtering, positive filtering, and residue analysis are examples of data 
discrimination analyses, other types of which are well-known to those skilled in the art. 



This section of SCHNEIER et al. discloses a probe/sentry system that analyzes and acts 
on interesting data or anomalies by filtering data by a negative filtering subsystem to 
discard uninteresting information and then filtering the data by a positing filtering 
subsystem, which selects possibly interesting information and forwards it to a 
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communications and resource coordinator. Specifically, this section of SCHNEIER et al. 

discloses filtering and discarding uninteresting data (i.e. data the does not contain 

malicious content), not receiving report information based on the data, as recited in claim 

1. 

This section of SCHNEIER et al. further discloses sending "residue" (i.e. data 
neither discarded by the negative filtering subsystem nor selected out as interesting by the 
positing filtering subsystem) to an anomaly engine for further analysis. The "residue" of 
SCHNEIER et al. does not correspond to data that does not contain malicious content 
since the "residue" is the leftover data, not data that has been discarded by the negative 
filtering subsystem. Therefore, this section of SCHNEIER et al. does not disclose or 
suggest forwarding logic configured to receive report information and forward first data 
for processing by a user application when the report information indicates that the first 
data does not contain malicious content, as recited in claim 1 . 

Furthermore, as noted above, SCHNEIER et al. discloses discarding uninteresting 
data, not forwarding the data for processing by a user application, as recited in claim 1. 
Therefore, this section of SCHNEIER et al. does not disclose or suggest forwarding logic 
configured to receive report information and forward first data for processing by a user 
application when the report information indicates that the first data does not contain 
malicious content, as recited in claim 1 . 

For at least the foregoing reason, Applicants submit that claim 1 is not anticipated 
by SCHNEIER et al. 
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Claims 4, 5, 8, and 9 depend from claim 1. Therefore, these claims are not 

anticipated by SCHNEIER et al. for at least the reasons given above with respect to claim 

1. 

Independent claims 10 and 16 recite features similar to, yet possibly of different 
scope than, features recited above with respect to claim 1. Therefore, Applicants submit 
that claims 10 and 16 are not anticipated by SCHNEIER et al. for reasons similar to the 
reasons given above with respect to claim 1. 

Claims 12-14 depend from claim 10. Therefore, claims 12-14 are not anticipated 
by SCHNEIER et al. for at least the reasons given above with respect to claim 10. 

Claims 19 and 20 depend from claim 16. Therefore, claims 19 and 20 are not 
anticipated by SCHNEIER et al. for at least the reasons given above with respect to claim 
16. 

Claims 6, 15, and 21 stand rejected under 35 U.S.C. § 103(a) as unpatentable over 
SCHNEIER et al. Applicants respectfully traverse this rejection. 

Claim 6 depends from claim 1, claim 15 depends from claim 10, and claim 21 
depends from claim 16. The Examiner's obviousness statement does not remedy the 
deficiencies in the disclosure of SCHNEIER et al. set forth above with respect to claims 
1, 10, and 16. Therefore, claims 6, 15, and 21 are patentable over SCHNEIER et al. for 
at least the reasons given above with respect to claims 1, 10, and 16. 

Claims 7 and 22 stand rejected under 35 U.S.C. § 103(a) as allegedly unpatentable 
over SCHNEIER et al. in view of BATES et al. Applicants respectfully traverse this 
rejection. 
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Claim 7 depends from claim 1 and claim 22 depends from claim 16. The 

disclosure of BATES et al. does not remedy the deficiencies in the disclosure of 

SCHNEIER et al. set forth above with respect to claims 1 and 16. Therefore, claims 7 

and 22 are patentable over SCHENIER et al. and BATES et al., whether taken alone or in 

any reasonable combination, for at least the reasons set forth above with respect to claims 

1 and 16. 

In view of the foregoing remarks, Applicants respectfully request withdrawal of 
the outstanding rejections and the timely allowance of this application. 
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To the extent necessary, a petition for an extension of time under 37 C.F.R. § 

1.136 is hereby made. Please charge any shortage in fees due in connection with the 

filing of this paper, including extension of time fees, to Deposit Account 50-1070 and 

please credit any excess fees to such deposit account. 

Respectfully submitted, 
HARRITY SNYDER, L.L.P. 



Date: October 26, 2007 

11350 Random Hill Road 
Suite 600 

Fairfax, VA 22030 
(571)432-0800 

Customer Number: 25537 



By: /Meagan S. Walling, Reg. No. 60112/ 
Meagan S. Walling 
Reg. No. 60,112 
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